wiki/linux/GnomeRdp.md

# Gnome built-in RDP fix. Ffs they are stupid.

This is possible; after a bunch of research I have these working steps (most recently tested on Fedora 38 installer, user 'liveuser'):

1. SSH to remote host

```text
ssh liveuser@localhost-live
```

2. Install prerequisite/useful packages

```text
sudo dnf install openssl screen htop
```

3. Desktop access

Ensure host desktop is unlocked (grdctl and other gnome commands require that the desktop is not locked to operate properly)

```text
# list available sessions
loginctl list-sessions

# unlock session for ttyN (usually '1' for liveuser)
loginctl unlock-session 1
```

4. Unlock gnome-keyring

necessary if no user has logged in to the running session recently

```text
pkill -9 -f gnome-keyring-daemon
echo -n "liveuser" | gnome-keyring-daemon --unlock
```

5. Create key and certificate for gnome-remote-desktop TLS

```text
mkdir tmp
cd tmp
openssl genrsa -out rdp-tls.key 4096
openssl req -new -key rdp-tls.key -subj "/C=US" | openssl x509 -req -days 730 -signkey rdp-tls.key -out rdp-tls.crt
mkdir -p /home/liveuser/.local/share/gnome-remote-desktop/
mv rdp-tls.key rdp-tls.crt /home/liveuser/.local/share/gnome-remote-desktop/
```

6. Configure gnome-remote-desktop

```text
grdctl status
grdctl rdp set-tls-cert /home/liveuser/.local/share/gnome-remote-desktop/rdp-tls.crt
grdctl rdp set-tls-key /home/liveuser/.local/share/gnome-remote-desktop/rdp-tls.key
grdctl rdp set-credentials liveuser liveuser
grdctl rdp disable-view-only
grdctl status
```

7. Start services

```text
grdctl rdp enable
systemctl --user start gnome-remote-desktop.service
```

8. Verification

```text
grdctl status --show-credentials
systemctl --user status gnome-remote-desktop.service
```

9. Remote access

Gnome Connections do work.

As root:

```text
dnf install xfreerdp
```

As normal user:

```text
xfreerdp /u:liveuser /p:liveuser /v:localhost-live
```